Re: [Owasp-delhi] [Owasp-Mumbai] SOAP & Web Services issues - vulnerabilities

Hi Purohit, You can test for the following vulnerabilities in SOAP based Web Services: External entity XPath / Xquery Injection XML Injection Recursive payload Oversized payload WSDL scanning Schema poisoning Authentication/Authorization Input flaws (SQL / XSS) Error handling Hope that helps. --

Re: [Owasp-delhi] VA for IIS

Another tool which can be used for free http://www.acunetix.com/index.htm regards Parthajit From: owasp-delhi-boun...@lists.owasp.org [mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Satyajit Das Sent: Wednesday, February 24, 2010 2:06 PM To: owasp-delhi@lists.owasp.org; owasp-bangal..

[Owasp-delhi] checklist for web server V.A

hi OWASP Delhi, 1. Can anybody provide exhaustive checklist for web server vulnerability assessment in general. 2. Exhaustive checlist to perform v.a od IIS 6.0 Web Server V.A must be brought under OWASP. Thanks & regards, Suresh___ Owas